Tushar Verma 🇮🇳 Profile picture
Application Security Engineer @ShaadiDotCom | Synack Red Team Member @SynackRedTeam | Speaker | Blogger
Durja Profile picture 1 added to My Authors
3 Dec
Cloud Metadata Dictionary useful for SSRF Testing

## IPv6 Tests

http://[::ffff:169.254.169.254]

http://[0:0:0:0:0:ffff:169.254.169.254]

#bugbountytips #bugbounty #bugbountytip
## AWS

# Amazon Web Services (No Header Required)

# from docs.aws.amazon.com/AWSEC2/latest/…

http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy

http://169.254.169.254/latest/user-data

http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]

http://169.254.169.254/latest/meta-data/ami-id

http://169.254.169.254/latest/meta-data/reservation-id

http://169.254.169.254/latest/meta-data/hostname
Read 12 tweets
9 Nov
AWS Security Testing Checklist

=Identity and Access Management

1-Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
2-Ensure credentials unused for 90 days or greater are disabled
3-Ensure access keys are rotated every 90 days or less
4-Ensure IAM password policy requires at least one uppercase letter
5-Ensure IAM password policy requires at least one lowercase letter
6-Ensure IAM password policy requires at least one symbol
7-Ensure IAM password policy requires at least one number
8-Ensure IAM password policy requires minimum length of 14 or greater
9-Ensure no root account access key exists
10-Ensure MFA is enabled for the "root" account
Read 14 tweets
5 Nov
If an LFI vulnerability exists, look for these files:

1-Linux system and user files:
/etc/passwd
/etc/shadow
/etc/issue
/etc/group
/etc/hostname
/home/user/
/home/user/.ssh
/home/user/bash_history

#bugbounty #bugbountytip #bugbountytips
2-Log files:
/var/log/apache/access.log
/var/log/apache2/access.log
/var/log/httpd/access_log
/var/log/apache/error.log
/var/log/apache2/error.log
/var/log/httpd/error_log
3-CMS configuration files:
WordPress: /var/www/html/wp-config.php
Joomla: /var/www/configuration.php
Dolphin CMS: /var/www/html/inc/header.inc.php
Drupal: /var/www/html/sites/default/settings.php
Mambo: /var/www/configuration.php
PHPNuke: /var/www/config.php
Read 5 tweets
5 Nov
DevSecOps Automation

1-Static Application Security Testing (SAST)
-SonarQube
-CxSAST (Checkmarx)
-Fortify
-Veracode Static Analysis (Veracode)
2-Software composition analysis (SCA)
-Blackduck
-WhiteSource
-Snyk
-Threatwatch
-CAST Highlight
-Dependency-Track
-Veracode Software Composition Analysis
-Whitehat Sentinel SCA Essentials
3-Dynamic application security testing (DAST)
-Acunetix WVS
-IBM Appscan
-Netsparker
-Burp Suite
Read 7 tweets
4 Nov
AWS Security Best Practices

1-Identify Security Requirements
-Define and Categorize Assets in AWS
-Create Classifications for Data and Applications
2-Deploy Solutions Designed to Solve Cloud Security Challenges
-Manage Cloud Access: Limiting
-Use Cloud-Native Security Solutions
-Protect All Your Perimeters and Segment Everything
-Maintain a Consistent Security Posture Throughout AWS Deployments
-Manage AWS accounts, IAM Users, Groups, and Roles
-Manage Access to Amazon EC2 Instances

3-Protect AWS Workloads
-Implement Cloud Workload Protection for Serverless and Containers
-Implement Proactive Cloud Security
-Define Incident Response Policies and Procedures
Read 4 tweets
28 Sep
File Upload Restriction Bypass Checklist

1-Try various file extensions-Try different versions of the file extensions, for example php3, .php4, .php5, phtml for PHP scripts, asp,aspx

#bugbounty #bugbountytip #bugbountytips
2-Append an extra file extension-If the application is not properly validating for the file extension, this can be exploited by appending another extension, for example from script.php to script.php.gif or script.gif.php
3-Change the casing of the extension-Try different combinations of lower and upper case, for example pHp, PhP, phP, Php etc
Read 13 tweets